What Is Connection Manager?

The Connection Manager suite of components provides administrators with the ability to create and maintain customized remote access connections and customized phone books of access numbers so that users can connect to a network using administrator-defined connection features. Administrators can distribute these customized remote access connections, called service profiles, by using a variety of methods, and they can customize the user interface with text and graphics that are unique to their organizations. Connection Manager service profiles appear in the connections folder on client computers, have their own distinct and brandable user interface, and can be used to connect to remote networks through servers that are running Routing and Remote Access, Internet Authentication Service (IAS), or remote access and virtual private networking technologies from companies other than Microsoft.

By customizing remote access connections and controlling how users remotely connect to a network, administrators who use the Connection Manager suite can simplify their remote access solutions, reduce the organizational resources dedicated to assisting remote users, and decrease the risk that remote connections pose to the network. The Connection Manager suite includes phone book services, so access numbers can be updated every time a user connects to the network without any action required by the user, regardless of the location of the user. Using the Connection Manager suite also helps organizations that have users in multiple geographic locations because administrators can ensure that local access numbers and virtual private network (VPN) servers are listed first. Administrators can create service profiles in multiple languages, providing a similar connection experience for all users regardless of language.

Although administrators can allow users to manually create remote access connections to a network, this method has major disadvantages for large networks with many remote access users. These disadvantages include:

The procedure for manually configuring remote access connections varies between Microsoft Windows operating systems. Administrators and support personnel would require separate procedures for supporting users on each operating system.

If any dial-up access numbers change, either the administrator or the user must reconfigure the connection by manually typing the new number. Administrators must manually inform users of access number changes.

Administrators do not have access to user-configured remote access connections, so enforcing network access requirements (such as the use of antivirus software) on remote computers is difficult.

The Connection Manager suite helps administrators solve these and other issues. Administrators can create connections that have a consistent user interface across all Windows operating systems, use specific authentication protocols, check for required programs, verify registry settings, update files and phone books, or perform any combination of these tasks. Using the Connection Manager suite provides numerous benefits that manually creating connections does not. These benefits include:

Branding

Administrators can customize the user interface to identify their organizations. Customizable elements include graphics, icons, and messages. Administrators can also customize online Help and phone books, and they can include support resources that are unique to their network needs.

Connection support

Administrators can customize individual aspects of the user connection, such as by providing routing table updates, by configuring user proxy settings for use during the connection, and by specifying what authentication protocols are used or what VPN protocol to try first when a connection is attempted. Administrators can also provide choices for users, such as a list of VPN servers that users can choose from when they make a connection. Users can save their favorite connection settings. Connection settings are saved based on user logon credentials, so multiple users on the same computer can share a service profile without having to share or re-create their settings.

Customizable program and application functionality

Administrators can incorporate custom functionality, including installing and running programs to enhance the connection experience for users. These programs can run automatically at various points during the connection process, such as when users disconnect or when an error occurs.

Integrated support for access numbers and phone books

Administrators can specify what phone books and access numbers are available to users. Businesses can contract access number support with multiple large Internet service providers (ISPs) and distribute these access numbers in their phone books. Administrators can configure service profiles to update phone books automatically when users connect to the organization network, eliminating the need for manually maintaining and updating lists of access numbers.

Logging

Administrators can configure whether connection attempts are logged by default on user computers and whether users can turn logging on or off. Log files can be used to troubleshoot connection problems.

Platform support

Administrators can create service profiles that provide a similar connection experience to users whose computers are running different Windows operating systems. Alternatively, administrators can create service profiles that require a specific Windows operating system to connect to the organization network.

Connection Manager Components

The Connection Manager suite consists of Connection Manager, the Connection Manager Administration Kit, and Connection Point Services. Connection Point Services itself consists of Phone Book Administrator and Phone Book Service.

Connection Manager

Connection Manager is client connection software that administrators can customize and distribute to users. The customized and distributed Connection Manager software, including all additional programs and applications that administrators include with it, composes a service profile. A service profile consists of all of the files that Connection Manager needs to install itself and then enable users to connect to the network. Administrators can maximize or minimize the identification of the service or organization, depending on what they include in a service profile.

Connection Manager Administration Kit

The Connection Manager Administration Kit (CMAK) is a wizard that guides administrators as they create and customize a Connection Manager service profile and then builds the service profile as a compressed, self-installing executable that administrators can distribute to users. Although using the CMAK wizard to build custom service profiles is simple, creating the custom elements requires careful planning and development.

Phone Book Administrator

Phone Book Administrator (PBA) is a tool to create and maintain phone book files for use with Connection Manager service profiles. Each phone book is a collection of points of presence (POPs) provided by either the administrator or one or more ISPs with which the organization has contracted to provide Internet access to its users. Each POP provides a local access number and connection settings for a specific region within a country or dependency. PBA compresses and publishes these phone books to a server running Phone Book Service. Administrators who do not intend to include phone books in their service profiles do not need to install PBA.

Phone Book Service

Phone Book Service (PBS) is an Internet Information Services (IIS) extension. When a service profile that is configured to check for phone book updates establishes a connection, Connection Manager queries the PBS server for a phone book update. PBS compares the version of the phone book that the service profile is using with the most recent files in the phone book database and then sends any updates to the service profile. Administrators who do not intend to include phone books in their service profiles do not need to install PBS.

Common Connection Manager Scenarios

Connection Manager is designed so that administrators can customize it to meet a wide variety of business needs. The following are some of the most common Connection Manager scenarios. Although the scenarios are fictional, administrators who set up and maintain remote access solutions commonly encounter the problems that the scenarios detail.

Businesses with many remote or traveling users

A sales company has many representatives who work in the field and who frequently need to make remote access connections to the corporate network. Long-distance charges are prohibitive, and the company does not want the expense of maintaining a large dial-up remote access solution. VPN connections across the Internet are more cost-effective but present more difficulties for inexperienced users. The best solution would be for users to connect to the Internet by dialing a local access number and then make VPN connections to the corporate network. This type of connection is known as a double-dial connection.

The company contracts with several large ISPs to provide local numbers for dial-up access to the Internet across the sales area of the company. The company imports the POP data from the ISPs into a single phone book using PBA and publishes the phone book to a PBS server on the perimeter network. Then the company configures a service profile that allows sales representatives to connect to the Internet by picking a local access number wherever they might be and then seamlessly makes a VPN connection to the corporate network. The company installs the service profile on all corporate laptops and also makes the service profile available for download on the corporate intranet.

Businesses with specific requirements for network access

A technology company is increasingly worried about security but wants to continue to allow remote access connections for traveling users and for employees who work from home. The company wants to use Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPSec) VPN connections, but it is concerned about the ability of its users who are not joined to the corporate domain to get the appropriate certificates that these connections require. Additionally, the company has issued multiple requests for its employees to upgrade the operating systems on their home computers and to run current antivirus software on those computers, but evidence strongly suggests that not all employees have complied. The best solution would be to grant full access to the corporate network only to those remote access connections that comply with the company’s requirements, restricting other connections to a quarantined network that has access only to the software that compliance requires.

The company configures a certification authority on its corporate intranet and configures Routing and Remote Access on a server that is running Microsoft Windows Server 2003. Remote access policies are configured for Point-to-Point Tunneling Protocol (PPTP) connections, L2TP connections, and for quarantining all remote access connections that do not meet company requirements for operating system, connection software, and antivirus software. An administrator writes a custom action script and uses the Connection Manager suite and the Windows Server 2003 Resource Kit Tools to create a Connection Manager service profile. This profile checks for required programs, registry settings, and files; quarantines the remote access connection until compliance has been verified; and requests and installs a certificate for an L2TP/IPSec connection. The administrator makes the service profile available for download on the corporate intranet and the quarantine network, and the administrator burns the profile onto CD-ROMs for distribution to new employees.
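
The following is an added example, not part of the original page and not code from Microsoft: it shows the kind of compliance check that a custom action script in the quarantine scenario above could perform, written in PowerShell. The file path, registry key, minimum operating system version, and the final notification step are placeholders assumed for illustration.

```powershell
# Added example, not from the original page. Every path, registry key and
# version below is a constructed placeholder for illustration.
$ErrorActionPreference = 'Stop'

$requiredFiles = @(
    'C:\Program Files\ExampleAV\avservice.exe'      # hypothetical antivirus binary
)
$requiredRegistry = @(
    @{ Path = 'HKLM:\SOFTWARE\ExampleAV'; Name = 'RealTimeProtection'; Expected = 1 }
)
$minimumOsVersion = [version]'10.0'                  # hypothetical minimum OS version

function Test-Compliance {
    $failures = @()

    foreach ($file in $requiredFiles) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $failures += "required file missing: $file"
        }
    }

    foreach ($item in $requiredRegistry) {
        $label = '{0}\{1}' -f $item.Path, $item.Name
        try {
            $props = Get-ItemProperty -LiteralPath $item.Path -Name $item.Name
            $actual = $props.($item.Name)
            if ($actual -ne $item.Expected) {
                $failures += "registry value $label is '$actual', expected '$($item.Expected)'"
            }
        } catch {
            # A missing key or value counts as a failure, not as "unknown".
            $failures += "registry value $label not readable"
        }
    }

    if ([Environment]::OSVersion.Version -lt $minimumOsVersion) {
        $failures += "operating system older than $minimumOsVersion"
    }
    return ,$failures
}

$failures = Test-Compliance
if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Output "NONCOMPLIANT: $_" }
    exit 1    # no notification is sent, so the connection stays quarantined
}
# Placeholder: here the deployment's own notification step would tell the
# remote access server that the checks passed.
Write-Output 'COMPLIANT'
exit 0
```

The script fails closed: any check that cannot be completed is reported as a failure, and the connection leaves quarantine only after every check has passed.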

Businesses that want to brand their connections

An ISP has access points and customers all over the world. The customer base uses a diverse set of operating systems, including many versions of Windows operating systems. The company wants to provide a branded, distinctive service to all of its customers, including its own icons, graphics, customized online Help, and troubleshooting steps. The company also wants to reduce the amount of training necessary for its support personnel to troubleshoot customer connections. The best solution would be to provide distinctively branded connections that resemble each other as much as possible in usage and appearance, regardless of operating system and language.

For its Windows users, the company creates phone books in each language that it supports and then publishes them to PBS servers. The company then creates a dial-up service profile in each language that it supports, makes the profiles available on its public Web site, and mails floppy disks with the appropriate service profile to its existing customers.

Connection Manager Dependencies

Because Connection Manager is designed to be customizable, the actual dependencies and requirements of individual service profiles vary widely. However, each component of the Connection Manager suite has some consistent dependencies.

Connection Manager

Connection Manager requires one of the following operating systems:

Microsoft Windows 98

Microsoft Windows 2000

Microsoft Windows Millennium Edition

Microsoft Windows XP

Microsoft Windows Server 2003

Connection Manager also requires a supported version of Internet Explorer to be installed on the same computer. Internet Explorer does not have to be set as the default browser, and the user does not have to use Internet Explorer. Supported versions of Internet Explorer include:

Connection Manager Administration Kit

The Connection Manager Administration Kit (CMAK) must be installed on a supported operating system. Although the operating system is the only specific requirement, creating a service profile that meets particular needs might require additional programs or files to be available on the computer on which CMAK is installed. These programs and files include those that the administrator wants to use in custom actions or as additional files.